[Snort-users] alerts with date of 1969

Matt Kettler mkettler at ...4108...
Tue Oct 19 12:54:11 EDT 2004


At 01:19 PM 10/19/2004, Nick White wrote:
>I'm running snort 2.2.0 on FreeBSD 5.2.1-RELEASE on sparc64 hardware.
>Every time an alert gets logged, the date is from 1969. I've checked
>the date from the server, and everything seems ok: # date
>Tue Oct 19 10:16:09 PDT 2004

What kind of alert logging are you using? sql? syslog? fast? full? unified? unix socket?

The time output for each of these is implemented a bit differently.

fast and full both seem to use ts_print() from util.c.

Database outputs seem to use GetTimestamp() from plugbase.c

Unified seems to dump it in raw binary.

Syslog seems to not bother, relying on syslogd to add it.





